Releases: cloud-pi-native/socle
v2.6.0
2.6.0 (2024-06-14)
Features
- ✨ add dsc.global.platform (Vanilla) (682512f)
- ✨ Add gitlab-ci-pipelines-exporter (9c47614)
- ✨ Add keycloak binding, dashboards + refactor (f447b31)
- ✨ Add Keycloak CNPG PodMonitor (f582691)
- ✨ Add PodMonitor for remaining CNPG clusters (d8ba40f)
- ✨ Declare CNPG Dashboard (76350c2)
- ✨ enable keycloak dsfr theme (445b819)
- ✨ Reset Keycloak admin when keycloak secret disappeared (42bd6cc)
- ✨ Set OTP encryption algorithm (da9c416)
- ✨ use cnpg clusters for all services (400f429)
- ✨ use console chart instead of embed helm in console repo (64620a2)
- 🧑💻 enable oidc connection for admins (df339a9)
- ⚡ Improve Grafana stack install and uninstall (406c202)
- ⚡ We might need allowCrossNamespaceImport (ece35a0)
Bug Fixes
- 🚑 Add trailing slash to URLs (6f6beaf)
- 🚑 Fix dso-config secret (c6ce806)
- 🚑 Fix GitLab CI Pipelines Exporter role (token retrieval) (7949c3e)
- 🚑 Removing YAML anchors generating Ansible errors (5b6d23c)
- 🎨 Fix Argo CD Dashboard (fcba600)
- 🎨 Fix Keycloak and SonarQube dashboards (588f986)
- 🎨 Fix Nexus dashboard (6126c2b)
- 🎨 Fix Vault dashboard (ea42530)
- 🎨 Manage datasource UID (47c8451)
- 🎨 use native console cnpg cluster (2f74868)
- 🐛 Adapt join command for Vault node 3 (41aa2c1)
- 🐛 Add conditions to prevent some tasks from failing (ca79f57)
- 🐛 Add missing postgres delete command (78bce70)
- 🐛 add wait endpoints tasks (8f371ab)
- 🐛 cnpg backups management (5bece28)
- 🐛 console deployment related tasks and templates (742f2ab)
- 🐛 Fix Argo CD job name (4a4f6bf)
- 🐛 Fix CNPG Dashboard namespace selector (3261b76)
- 🐛 Fix conf kind + decoding values (8504b71)
- 🐛 Fix GitLab Runner and Gitaly dashboards (960e98f)
- 🐛 Fix HA enablement + OIDC + get credentials (76a8aa1)
- 🐛 Fix Harbor dashboard (95e317f)
- 🐛 Fix missing admin-creds secret update (5724454)
- 🐛 Fix Nexus admin password setting tasks (b5707f3)
- 🐛 Fix some tasks (9d5bcf8)
- 🐛 Fix Vault metric call (76ded42)
- 🐛 get-credentials playbook (7d91efd)
- 🐛 gitlab catalog shell script (e598083)
- 🐛 handle cnpg backups deactivation (5563dd9)
- 🐛 missing pg secret on first console deployment (dd101d8)
- 🐛 Refactor check tasks and fix root_token (8bcc42a)
- 🐛 Remove unneeded time range (a0a2a17)
- 🐛 Upgrade Argo CD to fix servicemonitor deployment (2d2f417)
- 🐛 vault oidc group mapping need full group path (292d6eb)
- 📝 Typo corrections and rewording (477b6ad)
- ⚡ Update retries count (85602eb)
Performance Improvements
- ⚡ enable vault ha (d90ee55)
Reverts
Databases
Harbor and Console databases have been migrated to CNPG clusters. To perform the migration, follow the steps below:
- Scale down deployments
- Backup database
- Deploy CNPG cluster
- Restore database
- Scale up deployments
To change Harbor database permission from the old user `registry` to the new one `harbor`, connect to the primary instance of the fresh CNPG cluster and run the following command:
```sh
# Run against the "registry" database as the postgres superuser.
# Tables in the public schema
for tbl in $(psql -U postgres -qAt -c "select tablename from pg_tables where schemaname = 'public';" registry); do
  psql -U postgres -c "alter table \"$tbl\" owner to harbor" registry
done
# Sequences in the public schema
for tbl in $(psql -U postgres -qAt -c "select sequence_name from information_schema.sequences where sequence_schema = 'public';" registry); do
  psql -U postgres -c "alter sequence \"$tbl\" owner to harbor" registry
done
# Views in the public schema
for tbl in $(psql -U postgres -qAt -c "select table_name from information_schema.views where table_schema = 'public';" registry); do
  psql -U postgres -c "alter view \"$tbl\" owner to harbor" registry
done
```
For more information, see https://stackoverflow.com/questions/1348126/postgresql-modify-owner-on-all-tables-simultaneously-in-postgresql
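The same ownership change written as one transaction, followed by a check of what is left (an added example, not part of the project's release notes). It assumes a session opened as `postgres` on the `registry` database of the new CNPG primary, and it processes tables first because PostgreSQL moves a table's owned sequences together with the table and refuses to change their owner separately.

```sql
-- Added example: assumes "psql -U postgres registry" on the CNPG primary.
BEGIN;

DO $$
DECLARE
    obj record;
BEGIN
    FOR obj IN
        SELECT c.relkind, c.relname
        FROM pg_class c
        JOIN pg_namespace n ON n.oid = c.relnamespace
        WHERE n.nspname = 'public'
          AND c.relkind IN ('r', 'p', 'S', 'v')   -- tables, sequences, views
          AND pg_get_userbyid(c.relowner) <> 'harbor'
        -- Tables first: their owned sequences follow them automatically.
        ORDER BY CASE WHEN c.relkind IN ('r', 'p') THEN 0 ELSE 1 END, c.relname
    LOOP
        -- %I quotes the identifier, so names with spaces or capitals are safe.
        EXECUTE format(
            'ALTER %s public.%I OWNER TO harbor',
            CASE obj.relkind
                WHEN 'S' THEN 'SEQUENCE'
                WHEN 'v' THEN 'VIEW'
                ELSE 'TABLE'
            END,
            obj.relname
        );
    END LOOP;
END
$$;

-- Verification: list public objects that are still not owned by harbor.
SELECT c.relkind,
       c.relname,
       pg_get_userbyid(c.relowner) AS owner
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'p', 'S', 'v')
  AND pg_get_userbyid(c.relowner) <> 'harbor'
ORDER BY c.relkind, c.relname;

-- Inspect the result above, then COMMIT (or ROLLBACK to undo everything).
COMMIT;
```

Any row returned by the verification query is an object that Harbor, now connecting as `harbor`, will not own; because the whole change runs in one transaction, replacing the final `COMMIT` with `ROLLBACK` leaves ownership untouched.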
Vault
The Vault server is now running in HA, which involves migrating to the raft storage backend by following the steps below:
- Retrieve the credentials for our standalone Vault instance, e.g.:
  `ansible-playbook admin-tools/get-credentials.yaml -t vault`
- Connect to Vault and create a test secret if necessary, or check the secrets already present.
- Launch Vault HA installation via Vault's Ansible role:
  `ansible-playbook install.yaml -t vault`
  The installation will create two new pods which will act as standby instances, but it will fail to add them to the raft cluster. This is normal, as the active instance does not yet have raft storage.
- Open a shell in the vault container on the active Vault pod (vault-0), example in the context of a Vault configured v...
v2.5.0
v2.4.0
v2.3.0
2.3.0 (2024-04-12)
Features
- ✨ add velero pre hook db backups (04773cf)
- ✨ enable daily trivy scan on harbor (cd77551)
- ✨ introduce prometheus crd management (fc225de)
Bug Fixes
- 🐛 fix the ability to customize argo values + security context for AppSet (4a4e175)
- 🐛 in development mode allow 127.0.0.1 (9476919)
- add missing ServiceMonitor CRD (828ae4a)
- regexp without tmp file (861046e)
- remove prometheus CRD task (f589940)
- Upgrade Harbor to 2.10.1 version and Console to 8.0.2 version (6ee3be4)
v2.2.0
v2.1.1
v2.1.0
v2.0.0
2.0.0 (2024-03-01)
⚠ BREAKING CHANGES
- ✨ Kyverno as a Kubed replacement
- 🎨 Fix some parameters for updated Argo CD
Features
- 🎨 Add Kyverno namespace to dsc + improve uninstall (410e344)
- 🎨 Add uninstall for Grafana ingress (eb33f15)
- 🎨 Improve Kyverno uninstall (b05d2b9)
- ✨ Add keycloak binding, dashboards + refactor (391eeb8)
- ✨ Add some dashboards (c29eeef)
- ✨ Adding Harbor dashboard (8e94d80)
- ✨ Adding new dashboards (c78b738)
- ✨ Change dashboards creation process (6719e82)
- ✨ Kyverno as a Kubed replacement (124e24e)
Bug Fixes
- 🎨 Fix some parameters for updated Argo CD (ac40895)
- 🎨 Remove useless force (2d7fd26)
- 🐛 Dashboards settings (cd4aa01)
- 🐛 Fix (typo) (9de47fa)
- 🐛 Fix get-credentials (grafana part) (2ff5a4b)
- 🐛 Fix get-credentials for grafana part (e154dae)
- 🐛 Refactor and fix GitLab metrics (e09a138)
- 🐛 Refactor and fix GitLab metrics (fbab543)
v1.3.0
1.3.0 (2024-01-31)
Features
- 🔖 Update Console version (7a07b69)
- 🔒 force images pull on gitlab runner to prevent cache abuse (bbe1480)
- 🔒 force images pull on gitlab runner to prevent cache abuse (62c701c)
- ✨ (9487622)
- ✨ Activate keycloak basic metrics (e7630fd)
- ✨ Activate metrics when dsc.global.metric.enabled (49e91f8)
- ✨ Activate monitoring for additional resources + refactor (9c9f979)
- ✨ Activate monitoring + small refactor (255bb56)
- ✨ Activate Nexus metrics scraping (0e53610)
- ✨ Activate Vault metrics (63ade45)
- ✨ Add checks + uninstall feature (9d8c218)
- ✨ Add directAccessGrantsEnabled to console-frontend client (cc85b8b)
- ✨ Add global metrics parameter (7e0a919)
- ✨ Add Grafana credentials retrieval and default datasource (7fd54be)
- ✨ Add never tag for grafana + some SonarQube credentials (26827dc)
- ✨ Added the never tag so the role is only played on demand. (738eff0)
- ✨ Check Grafana instance before installing datasource (a8da5e6)
- ✨ Conditional metrics enablement (46f27c6)
- ✨ Enable GitLab Runner metrics, Service and ServiceMonitor (2706849)
- ✨ Install Grafana instance + enable Keycloak metrics (9ac6ff8)
- ✨ Manage sealed Vault and configmap changes (3d2033b)
- ✨ Metrics activated if enabled in dsc (987f110)
- ✨ Metrics authentication enabled + patch ServiceMonitor (8195910)
- ✨ Uninstall Grafana instance and/or its defaults datasource (835a74b)
- ⚡ Update console version (bac4144)
- ⚡ Update GitLab chart version (f5bc072)
- ⚡ Update GitLab chart version (f640320)
- ⚡ update keycloak replication to 3 containers (7cca65f)
- ⚡ update keycloak replication to 3 containers (7e6ba96)
Bug Fixes
- 🚑 Move harbor values file (fff3276)
- 🐛 bad tls runner toml (db5cea5)
- 🐛 bad tls runner toml (aba354c)
- 🐛 CRD and some values (84fdcfd)
- 🐛 CRD and some values (c4f9666)
- 🐛 Fix missing cert path + condition dsc.exposedCA.type (a25713e)
- 🐛 Fix missing gitlabRunner as a dsc crd requirement (672c96d)
- 🐛 Fix releases file (5885825)
- 🐛 Fix releases file (6d0cd75)
- 🐛 fix sonarqube deployment (01c2442)
- 🐛 fix sonarqube deployment (a753094)
- 🐛 Indentations (b353fab)
- 🐛 Prevent failure on PodMonitor creation (f1ce65d)
- 🐛 We should allow downgrading too (067e1e9)
- 🔥 We do not enable prometheus rules from helm chart (40097c9)
Performance Improvements
v1.2.0
1.2.0 (2023-12-13)
Features
- ✨ We don't install GitLab Operator when it's already here. (a3298e4)
- ⚡ Update console version (92ee57f)
Bug Fixes
- 🚑 Fix CNPG Clusters instances number / Remove unnecessary PG image setting (5877d4f)
- 🐛 (1561d78)
- 🐛 Fix dual installation (GitLab part) (07ce30c)
- 🐛 Fix Gitlab Operator uninstall and ns retrieval + GitLab values settings (ada1f9e)
- 🐛 Fix missing cert path + condition dsc.exposedCA.type (8a7ddc0)
- 🐛 We want to use installed GitLab Operator namespace (4049368)